Developing a Records Management policy · Information Management Advice 50 Developing a Records Management policy Introduction This advice explains how to develop and implement a

Information Management Advice 50 Developing a Records Management policy

Introduction

This advice explains how to develop and implement a Records Management policy. Policy is central to the development and communication of a successful records management program. It provides a clear directive from the senior executive to all staff about what is acceptable recordkeeping behaviour. The Records Management policy must be supported by documented processes and sets of procedures that govern its implementation.

This Advice identifies the benefits of having a Records Management policy, and outlines the steps involved in its development and implementation. The main elements that should be included are covered, along with a brief explanation of why they are needed.

Benefits of a Records Management Policy

A good information management policy will enable the agency to:

• Align with its operating environment, strategic direction, policy framework, and recordkeepingprogram;

• Have the policy endorsed and actively supported and resourced by the senior executive. Such apolicy should be aligned with other key business policies, provides the agency with a strong platformon which to build their records management program;

• Communicate to all agency staff the agency’s commitment to records management and staffrecordkeeping responsibilities. It is an excellent way for the head of the agency to encapsulate andcommunicate their legislative responsibilities for records management;

• Promote a corporate culture of good recordkeeping practice;• Outline how records should be made and kept, including requirements for authorised disposal;• Formalise intentions and practices with respect to records management;• Comply with State Records Guideline 1 Records Management Principles• Ensure compliance with information standards and legal requirements such as the Archives Act 1983

to make and keep full and accurate records of the business of the agency;• Ensure compliance with the needs of the government (administrative, financial and accountability) and

the community;• Decrease the level of risk associated with recordkeeping practices;• Encourage ethical behaviour;• Be implemented and communicated regularly across the whole agency.


Page 2 of 10

Components of a Records Management Policy

The policy itself should provide recordkeeping directives and responsibilities in a way that is easy to understand. Detailed advice on recordkeeping procedures and tools should be included in supporting documentation. Components of a records management policy may include:

Component Details Purpose What are the aims of this policy?

Explains why a records management policy is needed and the benefits of good practice

Policy statement The policy in brief.

Provide a brief statement of the agency's commitment to good records management practices. If applicable, briefly mention factors influencing records management within the agency

Scope What is the coverage of the policy?

Specify who and what aspects of the agency's business and business transactions the policy covers. Indicate the business applications and systems the policy covers, for example websites, email and business systems.

Goals To ensure effective agency records management, covering the creation and maintenance of authentic, reliable and useable records.

Rationale Purpose of keeping records, including an overview of relevant legislation and standards

Definitions Definition of key terms

Requirements Covering which records needs to be kept, privacy, confidentiality and security of records, disposal of records, and monitoring the Records Management Program.

• Creation and maintenance of records Provide guidance on the types of information and records that need to be created, captured and managed to support agency business and legal requirements. Operational workgroups may have specific requirements to create and capture records and these should be referenced (though not reproduced) in the policy. Any separate information or training available on aspects of records management such as titling or capture should be mentioned here.

• Systems used to maintain records Establish clearly which locations are endorsed for the capture and storage of information and which locations should not be used. Larger agencies may need to provide generic examples. Endorsed systems will vary between agencies. Some agencies may use electronic records management systems and will prohibit the use of


Page 3 of 10

shared folders as an endorsed location for the permanent capture of records. Other agencies may use shared drives as an endorsed system, with appropriate controls and protocols in place. Supporting operational and procedural guidelines should be linked to the policy.

• Access to records Provide a statement supporting the concept that staff should have ready access to corporate information. Describe circumstances when it is appropriate to restrict this access. Note: this policy must be linked with your agency's Personal Information Protection, Right to Information, and Information Security policies.

• Retention or destruction of records Describe the responsibilities that staff have for retention and destruction of the agency’s records. Provide staff with the information they need to comply with authorised destruction of records. In particular, outline the correct use and disposal of short term value records. Any procedures or fact sheets explaining the use of short term value records should be linked from here. Include reference to records authorities issued by TAHO (Tasmanian Archive and Heritage Office). Consider making reference to the importance of timely destruction of records and the risks to the agency of over-retention, while also ensuring that staff understand the risks of unauthorised destruction.

• Transfer of records Outline instances when records may be required to be transferred out of the agency’s custody. Explain that records of archival value are required to be transferred to TAHO once they are no longer needed for current use, and that records may be transferred to other agencies as a result of administrative change.

• Monitoring the records management program Describe how, when and by whom the records management program will be monitored. Make a commitment to reviewing the policy and monitoring compliance. When conducting a review of the policy, consider its relevance, continuing appropriateness and staff awareness of its requirements. Monitor staff adoption of the policy at regular intervals. If direct supervisors are responsible for monitoring compliance of their staff, ensure they are aware of their responsibility and the standards expected of their staff.

Responsibilities Defined for particular positions:

• Director, Office of the Secretary (or relevant title)


Page 4 of 10

• Department and Heads of Agency Responsibilities (or relevant titles)

• Senior Advisor, Records Management (or relevant title) • Human Resources (or relevant title) • Information Technology Unit (or relevant title) • Managers • Departmental Employees

A Records Management policy template along these lines can be found on our website accompanying this advice which agencies can use and modify as they see fit.

The Policy Development Process

Step 1: Plan / Establish Need

This step involves identifying whether or not a new policy is needed or an existing policy requires significant adjustment and then planning the development of the policy. It includes consultation with key stakeholder groups, and identification of policies that need to be aligned with the information management policy.

Step 2: Research & Analysis / Drafting

This step involves conducting research to identify the content and direction of the policy, drafting the policy and consulting widely to ensure that the draft addresses everything required. Consultation and analysis will be required for the duration of the drafting process.

Step 3: Endorsement

This step concerns the formal endorsement of the policy by the head of the government agency and other relevant stakeholders. These should include the business managers of the agency and may include relevant stakeholder group endorsement.

Step 4: Communication / Implementation

This step involves communicating the policy to all agency staff, including volunteers and contract staff and putting the policy’s directives into practice.

Step 5: Review

This step is to ensure that the policy and its implementation remain up to date with the recordkeeping environment of the agency through regular monitoring of the policy, and of compliance of all staff members with it.


Page 5 of 10

The Policy Development Process (detail)

Step 1

Plan / Establish Need

What do I need to consider when planning a records management policy?

When planning to develop or adjust a records management policy, the following factors should be considered:

• Whether your agency has policy templates and processes that you will be expected to use, and if so, what gaps (if any) are there between the agency’s policy requirements and those required by its strategic management and any associated documents;

• The scope of the analysis that will need to be undertaken, including consultation and resources required;

• Who to consult with about specific aspects of the policy; and • The implications that the development or adjustment of a records management policy would have for

other policies and programs of the agency. This may mean adjusting or developing other documentation and service delivery to ensure alignment with the records management policy.

Consultation

Consulting widely with all stakeholders has the following benefits:

• Ensure that the executive are aware of the need for a records management policy; • Identify programs, systems and strategies that may need to be integrated with the policy; • Ensure that the policy can be successfully incorporated into practice across the agency; • Identify further areas of concern regarding records management that should be included in the policy

or supporting documentation; and • Ensure that accountability and responsibility regarding the management of records is addressed.

Consultation may also be used as a basis for establishing or strengthening relationships with key areas across the agency. This may include the following:

• Executive of your agency to ensure top level support and strategic alignment when developing the policy. Obtaining top level support assists with strategic alignment of the policy with agency direction;

• Information Technology / Information Communications Technology Officers and Systems Administrators, to ensure that electronic records, and records stored or managed in electronic business systems, are covered by the policy;

• Information Privacy personnel, to ensure that privacy considerations are taken into consideration when developing the policy;

• Risk Management personnel, to ensure that the link between records, good recordkeeping practice, and risk mitigation is considered when developing the policy;

• Right to Information (RTI) Officers, to ensure that the policy aligns with procedures and practices regarding dealing with RTI requests;

• Organisational business areas across the agency, to ensure that each area’s specific considerations are identified and addressed when developing the policy;

• Human Resources, Financial Services and Contract Management Teams as they will be using separate systems to create, manage and store records that will need to be taken into consideration when developing the policy; and


Page 6 of 10

• Communications and Marketing Team, to provide an understanding of communication methods used by the agency and how to tap these when promoting the completed policy.

What is the difference between a Policy and a Procedure?

A policy is a concise document that identifies responsibilities and rules. Keep in mind that any detail belongs in the documentation that supports the policy, not the policy itself.

Supporting documentation includes procedures, process documents, plans, instruction manuals, quick notes, and so forth:

• A procedure provides step by step details regarding how to do something in accordance with the rules.

• A process document links various procedures together, and describes the series of actions required for a particular undertaking, service, product delivery, or other output.

• Plans describe future actions that will occur in a particular way under specified circumstances. • Instruction manuals are very detailed instructions (both text and diagrammatical) regarding how to

do specified tasks. They often collate multiple procedures and process documents relevant to specific functions or areas of business.

• Quick notes or fact sheets provide summarised information about how to do something. They are often used as a reminder for more detailed procedures.

Supporting documentation will form part of the records management program at an operational level.

Step 2

Drafting

When drafting an information management policy, the following information is required:

• The legislative and regulatory requirements and accountabilities of the agency, and the records required to meet these requirements;

• The business and organisational objectives of the agency, and the records required to meet these objectives;

• The expectations of the agency’s stakeholders; • The principles of best practice records management, including the creation, capture, access,

management, storage and disposal of records; • The requirements or exclusions regarding the content or format of documents, technological

devices, or systems to be used; and • The actual recordkeeping practice of the agency.

Where can I find the information I need?

Existing documentation that may prove useful when drafting the policy include:

• Internal records management policies or other policies that have an information management component, including draft or defunct policies;

• Agency templates, processes and protocols that may be of relevance to records management or policy development;

• Policy statements from emails, procedures and documented processes regarding records management practices;


Page 7 of 10

• External standards, policies or directives regarding records management or that have a records management component that applies to an agency;

• Codes of conduct; • Business plans and annual reports that contain the agency’s objectives and aims; • Risk management plans, business process studies and workflow studies; • Related policies in the areas of Personal Information Protection, Right to Information and Information

Security; • Legislation that contain records or records management directives applicable to the agency; and • Procedures and manuals that address records management requirements.

Additional information can be obtained through consultation with members of agency staff (including volunteers and those under contract) and other stakeholder groups.

What should I keep in mind when drafting the policy?

When drafting the policy, consider the following questions:

• What are the risks to the agency for not managing records effectively? • How does the current recordkeeping environment fit with the policy? • What processes, procedures and systems will be needed to support implementation of the policy,

and will these differ across the business sections? • Does the policy identify the responsibilities of all members of staff (including volunteers and those

under contract) at a high level? • How can the policy be communicated to all members of staff effectively? (including volunteers and

those under contract) • Are all terms, including any jargon used or terms that may have multiple meanings, clearly defined? • Are the details and operational information regarding responsibilities, records and recordkeeping

practice captured in supporting documentation, or records management tools? • Does the policy align with other key policies across the agency?

How do I align with other policies?

Ensuring that the records management policy aligns with other key policies across the agency can be achieved through referring to the other policies directly in the records management policy, or through aligning responsibilities and rules so that they coordinate with those of the other policies. This requires:

• Understanding how the policies fit together with regard to recordkeeping; • Agreement across the agency as to what the rule or responsibility should be in situations where the

policy rulings appear to conflict; and • Understanding how the policies will translate down into procedures and other supporting

documentation


Page 8 of 10

Step 3

Approval

Once drafted, the policy requires approval from the executive of the agency. The executive should already be aware of the need for a policy on records management, including risks and benefits associated with the recordkeeping practices of the agency.

The agency may have in place a formal process for obtaining endorsement from the executive for policies or other agency directives. Prior to sending the policy to the executive for endorsement, the policy draft may have received consensus from other relevant stakeholder groups (including heads of business units, and any relevant external stakeholder groups), and may have been tested through a pilot implementation.

This will assist with implementation of the policy once executive endorsement has been received. Approval of the policy by the executive should include provision of the resources required to implement and maintain it.

Step 4

Implementation, Communication and Training

For a records management policy to be effective it must be promoted, implemented and reviewed.

While responsibility ultimately rests with the Head of agency to ensure compliance with recordkeeping obligations, State Records Guideline 1 Records Management Principles specifies that making and keeping State records is also the responsibility of all those involved in the conduct of government business. For the policy to be effective, at a minimum, agencies must ensure staff are aware of their recordkeeping responsibilities through induction programs, position descriptions, awareness raising activities, codes of conduct and procedure manuals.

Include a statement affirming that the policy will be communicated to staff and that training will be provided on aspects of the policy, and how this will occur, for example as a part of induction, on line etc. When conducting training, keep it up to date, schedule it regularly and consider how to tailor it so that it is meaningful to different workgroups in your agency.

Step 5

Review

Specifying a regular assessment date and the position responsible for conducting the assessment in the policy enables the assessment process to be incorporated into work practices. A monitoring and assessment program can be developed that includes various methods to obtain regular feedback. This program should monitor the regulatory and business environment as well as current practice within the agency.

Annual assessment of the policy is essential for it to remain up to date and relevant. Additional assessments may be required after periods of change. The monitoring and assessment program should note any additional triggers for assessment, such as legislative, machinery of government and industry change, or introduction of new systems.

Work plan discussions, which may occur several times every year, provide the opportunity for managers to determine how well their staff know and follow the policy. Forums to identify issues that members of staff have with the policy and its implementation enable those responsible for the policy to assess its practical application. This may lead to further training or guidance, or trigger adjustments to the policy.


Page 9 of 10

Regular communication with managers of business units regarding the introduction of new systems or changes in records management practice will assist with targeting internal changes. Integration of the records management policy with other corporate policies, strategies and programs should enable business units to flag situations that may affect the policy.

It may be useful from time to time to conduct an external audit to assess the agency against its policy.

Checklist

Considerations or

Does an authorised records management policy exist in your agency

Is it current and comprehensive? (covering all formats, that current recordkeeping systems identify best practice and comply with legislation and standards)

Do staff know about the policy and understand their recordkeeping responsibilities? (training, procedure manuals, awareness campaigns, defined responsibilities)

Is the existing policy monitored? (relevance and application by staff, how is it monitored?)

If your agency is unable to tick all of the above, then you need a records management policy or the existing policy needs to be reviewed and updated.


Page 10 of 10

Further Advice

For more detailed advice, please contact:

Government Information Strategy Unit Tasmanian Archive and Heritage Office 91 Murray Street HOBART TASMANIA 7000 Telephone: 03 6165 5581 Email: [email protected]

Acknowledgements

Archives New Zealand, A guide to developing a recordkeeping policy (2006)

National Archives of Australia, Information and records management policy - template

Public Records Office of Victoria, PROS 10/10: Guideline 1: Records Management Policy (2010)

Queensland State Archives, Public Records Brief - A recordkeeping update for Queensland Public Authorities May 2010 Developing a recordkeeping policy

TAHO also acknowledges the assistance of the Department of Justice, Department of Police and Emergency Management, Integrity Commission, and Glenorchy City Council in developing the Records Management policy template.

Information Security Classification

This document has been security classified using the Tasmanian Government Information Security classification standard as PUBLIC and will be managed according to the requirements of the Tasmanian Government Information Security Policy.

Document Development History Build Status

Version Date Author Reason Sections

2.0 April 2015 Christine Woods Template All

1.0 16-08-2013 David Bloomfield Initial Release All

Amendments in this Release

Section Title Section Number Amendment Summary

All All Document imported into new template

Issued: August 2013

Ross Latham State Archivist

mailto:[email protected]

Policy for Records Management (template for agency use)

Version Date File: Fileref

( en te r name o f agency ) ( e n t e r n ame o f b u s i n e s s u n i t – i f r e l e v an t )

Title: Draft – Version Date

2

Purpose The purpose of this policy is to provide guidance and direction on the creation and management of information and records and to clarify staff responsibilities. (Name of agency) is committed to establishing and maintaining information and records management practices that meet its business needs, accountability requirements and stakeholder expectations.

The benefits of compliance with this policy will be trusted information and records that are well described, stored in known locations and accessible to staff and clients when needed.

This policy is written within the context of (name of agency) information and records management framework which is located at XXXX. This policy is supported by complementary policies and additional guidelines and procedures which are located at XXXX.


3

Policy statement [Our agency’s] information and records are a corporate asset, vital both for ongoing operations and also in providing valuable evidence of business decisions, activities and transactions.

All agency records must be managed and maintained regardless of their format in an authorised information management system.

All agency staff are required to create and maintain authentic, reliable and useable information, documents and records, and protect their integrity for as long as they are required through:

• Ensuring that full and accurate records are created and maintained for each business processfollowed in the agency

• Preserving records, whether hard copy or electronic, safely and securely

• Ensuring that electronic records are saved and stored in the agency’s recordkeeping system, orother approved system, with appropriate metadata captured and naming conventions used to enable their efficient retrieval and use

• Ensuring records are accessible over time to support the conduct of business, and that they areonly retained for as long as required by the agency and relevant legislation

• Assigning responsibilities for recordkeeping in the agency.

The agency aspires to proactively implement systems and processes which will enable records and information to be stored in an electronic format wherever possible. (delete if not relevant)

This Policy is to be read in conjunction with the (name any relevant agency information management guidelines here). All practices and procedures concerning records management within the (name of agency) must be in accordance with this Policy.


4

Scope This policy applies to the management and maintenance of records through their life cycle from creation, receipt or capture, to preservation and disposal under the provision of the Archives Act 1983. It includes records in any format held in the agency’s information systems. This policy covers the work practices of staff and consultants who:

• Create information

• Access information

• Have responsibility for information including storage, retrieval, dissemination and disposal

• Have management responsibilities for officers engaged in any of these activities

• Manage or have design input into information technology infrastructure.

The key distinction between agency records and other types of information is that records provide evidence of business activities (refer to ‘Definitions’ section in this document for definition of a record).

Records exist in a variety of formats including, but not limited to paper documents, electronic messages, word processed letters, web-pages, information in databases, photographs, film, charts etc.

Regardless of format, records must be created, captured, maintained, secured and disposed of in accordance with the requirements of this Policy (refer to ‘Requirements’ section in this document).


5

Goals The goals of this Policy are

• to ensure effective agency records management, covering the creation and maintenance ofauthentic, reliable and useable records.

• to ensure the agency’s records support the accountability and transparency of its business functionsand activities for as long as those records are required.

• to provide evidence of the agency’s commitment to best practice records management.

• to set out the responsibilities of staff, clarifying their accountability for records and informationmanagement (refer to ‘Responsibilities’ section in this document).

• to ensure that records and information management is done in accordance with our business andlegislative requirements (refer to ‘Rationale’ section in this document).


6

Rationale The (name of agency) records are our corporate memory, providing evidence of actions and decisions and representing a vital asset to support our daily functions and operations. Records support policy formulation, decision-making and protect the interests of (name of agency).

In addition to this records help us to make good use of precedents and organisational experience. They support consistency, continuity, efficiency and productivity in program delivery, management and administration.

State legislation and Australian Standards have been adopted as a requirement and code of best practice for the management of information and records within the agency.

They provide details of the conditions and standards by which information management and recordkeeping practices at the agency will be guided.

The following information provides an overview of key standards and legislation applicable to our agency (add or delete any from this list according to the particular requirements of your agency, only include as many as necessary for staff to understand the environment within which this policy document is set):

Archives Act 1983 establishes the requirement for Tasmanian government agencies to create and keep State records.

AS:ISO-15489.1 – Information and Documentation – Records Management provides clear guidelines for the establishment and application of records management practices, procedures and systems that have been incorporated into the agency’s information management program.

Corporations Act 2001 defines the agency’s responsibilities for keeping financial records which correctly record and explain its transactions and financial position and performance; and that enable true and fair financial statements to be prepared and audited.

Crimes Act 1924 covers criminal activity including fraud.

Electronic Transactions Act 2000 facilitates and promotes business and community confidence in the use of electronic transactions. It recognises the legal validity of transactions carried out electronically, and so permits the “recording and retention of information and documents in electronic form”. Recordkeeping practices should be applied to all records regardless of the format of those records. Where records are created electronically they should be managed appropriately.

Evidence Act 2001 describes the ways in which documents may be admitted as evidence into court. The Act describes the more acceptable formats and the features that would give more value or “weight” to records. Recordkeeping practices must ensure that the more appropriate format of the record is preserved.

Financial Management Act 1990 and Audit Act 2008 cover accounting and auditing requirements. The 1990 Act has since been amended to strengthen the powers of the Auditor-General. (these Acts are not relevant to Councils).

Financial Transaction Reports Act 1988 provides for the reporting of certain transactions and monetary transfers to the Australian Transaction Reports and Analysis Centre (AUSTRAC) and specifies minimum retention periods for account and signatory information.

Income Tax Assessment Act 1997 requires the agency to keep records of income tax returns and assessments, and any related accounting documentation such as calculations, income and expenditure records.


7

Limitations Act 1974 Sets out time periods in which legal action can be taken in various instances. The Act imposes a number of limitations on specific types of actions.

Local Government Act 1993 – Imposes a duty on Councils to create a wide variety of records (relevant only to Councils)

Personal Information Protection Act 2004 sets out rules about information handling, including how the agency may collect, use, store and disclose personal information.

Right to Information Act 2009 provides for greater access to information held by Tasmanian government bodies and encourages proactive disclosure of information held by the agency as well as giving the public access to information upon request.

State Service Act 2000 provides a legislative framework that has been designed to support a contemporary workforce and to provide the best possible services to the Government, the Parliament and the community (not relevant to Councils).

Tasmanian Government Information Security Policy is based upon the following information security policy principles:

• Availability: information is accessible and usable to authorised entities.

• Integrity: the accuracy and completeness of information is protected.

• Confidentiality: information is not made available or disclosed to unauthorised individuals, entitiesor processes.

• Proportionality: measures to protect information are relative to the risk of loss or failure ofavailability, integrity and confidentiality.


8

Definitions

Business Classification Scheme

A hierarchical model of the relationship between the agency’s functions, activities and transactions. It provides the core foundation for the development of the agency’s recordkeeping tools including a retention and disposal schedule.

Destruction Authority

A once-off authorisation from the State Archivist that permits destruction for a defined set of records.

Disposal

Involves either the destruction of records; their transfer to the Tasmanian Archive & Heritage Office for retention as part of the State archives; their transfer to another custodian; or some other process approved by the State Archivist which removes them from the custody of the agency.

Metadata

Data that describes the context, content and structure of records and their management through time.

Record

Information created, received and maintained as evidence and information by an organisation or person, in the pursuance of legal obligations or in the transaction of business. (Source: International Standard ISO 15489 – 2002, Records Management, Part 1: General, Clause 3.15)

Retention and Disposal Schedule

An ongoing authorisation from the State Archivist that specifies minimum retention periods and consequent disposal actions for a defined set of records.

State archive

State record or any other record which is deposited and preserved permanently in the Tasmanian Archive & Heritage Office.

State records

Records of State government agencies/departments, State authorities, or local authorities. These public bodies are defined in Section 3 of the Archives Act 1983.


9

Requirements

Creation and maintenance of records

Business records must be created and captured by everyone subject to this policy. Business records should provide a reliable and accurate account of business decisions and actions. Therefore it is necessary to include all necessary information to support business needs including the names, dates and time, and other key information needed to capture the business context.

Records can be folders, documents or data created, received or maintained as evidence and information of work done for or on behalf of the agency. Records may be either hard copy or electronic.

Examples of the agency’s records include (but are not limited to):

• Agendas, minutes and papers

• Case files

• Complaint correspondence

• Contracts and agreements

• Correspondence received from members of the public, private and public sector organisationsthat require action

• Documents related to events organised with or for external organisations, students etc.

• Facilities hire forms and documentation

• Media releases and articles

• Personnel recruitment and appointment documentation

• Policies and guidelines

• Reports and submissions

• Risk management registers and documentation

• Training program documentation

• WorkCover documents and files

(Note: edit this list of records according to your own agency’s needs and keep it up to date over time.)

Ultimately, if the record contains a business transaction or evidence of any decision that has been made on behalf of the agency it must be kept for the required time as per an approved Retention and Disposal Schedule authorised by the State Archivist.

Where no Retention and Disposal Schedule exists for the records they must be retained until such a time as they can be either destroyed according to a Destruction Authority authorised by the State Archivist, or transferred to the Tasmanian Archive & Heritage Office as State archives.


10

Records that do not have to be kept

Some records do not belong in the agency’s recordkeeping system, including:

• External advertising material

• Externally published newsletters that do not contain material created by or referencing the agency

• Internal e-mails received by “carbon copy” (cc) or “blind carbon copy” (bcc)

• Junk e-mail

• Personal items including e-mail

• Rough notes, working papers and calculations used solely to assist in the preparation of otherrecords such as correspondence, non-auditable reports and statistical tabulations

• Copies of any documents, preserved solely for reference

• Published material preserved solely for reference

• Electronic revisions of documents in the agency’s recordkeeping system which can bepurged/deleted when finalising documents

Documents of this nature may be destroyed, as defined by the Tasmanian Archive & Heritage Office Retention and Disposal Schedule for short-term value records (DA2158)

Systems used to maintain records

Records generated within the agency in the course of normal business practice or received from an external source are to be registered and captured in the agency’s recordkeeping system.

The following business and administrative databases and software applications are endorsed for the capture and storage of specific information and records. These include:

• Information and records management system X

• Business system Y

• Finance system Z

A full register of endorsed systems used to create or manage information and records can be found at XXXX. These endorsed systems appropriately support information and records management processessuch as creation and capture, storage, protection of integrity and authenticity, security, access and retention, destruction and transfer.

Corporate records must not be maintained in email folders, shared folders, personal drives or external storage media as these lack the necessary functionality to protect business information and records over time. Records created when using social media applications or mobile devices may need to be captured into an endorsed system.

Access to records: sharing corporate information within (name of agency)

Information is a corporate resource to which all staff may have access, except where the nature of the information requires restriction. Access restrictions should not be imposed unnecessarily but should protect:


11

• individual staff, or client privacy

• sensitive material such as security classified or material with dissemination limiting markings, forexample any records information security classified ‘Cabinet in Confidence’ or above.

When handling information, staff are reminded of their obligations outlined in their statements of duties and under the State Service Act Code of Conduct.

Release of publicly available information

In accordance with our obligations under the Right to Information Act 2009 access to publicly available information will be provided on our website. This is the responsibility of (person or area responsible in agency).

The public have legislative rights to apply for access to information held by our organisation under the Right to Information Act 2009. This applies to all information held by the agency, whether in officially endorsed records management systems or in personal stores such as email folders or shared and personal drives. Responses to applications for access under Right to Information legislation are the responsibility of (responsible person in agency).

Retention or destruction of records

Agency records are destroyed when they reach the end of their required retention period set out in Records Retention and Disposal Schedules issued by the Tasmanian Archive and Heritage Office (TAHO). Retention periods in disposal schedules take into account all business, legal and government requirements for the records. Our agency uses a number of general and agency-specific schedules to determine retention, transfer and destruction actions for its records.

(list here those Schedules relevant to your agency, including any General Disposal Schedules for State and Local Government – contact the Government Recordkeeping Unit on 6233 7232 for assistance)

Records cannot be disposed of other than in accordance with all relevant Retention and Disposal Schedules and Destruction Authorities authorised by the State Archivist. In addition to this, records cannot be disposed of without the approval of (insert title of relevant officer) and the Manager of the business unit that is the owner or is responsible for the records.

Some records can be destroyed in the normal course of business. These are records of a short-term, facilitative or transitory value that are destroyed as short term value records. Examples of such records include rough working notes, drafts not needed for future use or copies of records held for reference. See the TAHO website for the Retention and Disposal Schedule for Short Term Value Records. To discuss Business Units needs contact Agency Records Manager.

Central to the agency’s accountability process is the requirement it maintains a Register of Records Destroyed. This is the agency’s formal evidential record of destruction and must be retained permanently by the agency. The Register must be clearly identified as the Register of Records Destroyed under Section 20(2)(b) of the Archives Act 1983.

Transfer of records

At times certain records may be required to be transferred out of the custody of (name of agency). This occurs when records of archival value are no longer being actively used and/or are 25 years or older. In

http://www.apsc.gov.au/aps-employment-policy-and-advice/aps-values-and-code-of-conduct/aps-values-and-code-of-conduct-in-practice/managing-official-information

http://www.apsc.gov.au/aps-employment-policy-and-advice/aps-values-and-code-of-conduct/aps-values-and-code-of-conduct-in-practice/managing-official-information


12

this instance (name of agency) transfers them to TAHO. We are still able to access records if a subsequent need arises to consult records in TAHO’s custody.

Another instance where records may be transferred is when records are affected by administrative change and are transferred to an inheriting agency or to a private body. In either case, permission must be sort from TAHO before the records are transferred.

Contact our agency’s Records Manager to discuss the procedures for transferring records.

Monitoring the Records Management program

The records management program will be monitored for breaches of this Policy by the (position title of head of agency) who will facilitate training as required.

Day-to-day records management audit activities will be coordinated by the (position title of relevant delegated authority).


13

Responsibilities All agency staff, consultants, and contractors employed or engaged by the agency are responsible for the management of all records created in the course of their work. This includes complying with this Policy at all times.

Staff must always be mindful that all records created in the course of their employment are the property of the agency.

Specific responsibilities and accountabilities for information and records management at the agency include:

Director, Office of the Secretary (or relevant title)

The Director, Office of the Secretary (or relevant title) is responsible for:

• Ensuring that the agency’s records management program satisfies operational and legislativerequirements and obligations

• Maintaining and extending the Business Classification Scheme according to the agency’srequirements following appropriate consultation

• Implementing and continually improving the agency’s information management program

• Defining the agency’s requirements for information, records and document management

• Ensuring that staff are aware of their roles and responsibilities relating to the management ofinformation

• Maintaining and reviewing this Policy and relevant documentation as required

Department and Heads of Agency Responsibilities (or relevant titles)

The agency will support staff by:

• including records management training in induction programs

• arranging for refresher training sessions as required

Senior Advisor, Records Management (or relevant title)

The Senior Advisor, Records Management (or relevant title) is responsible for the efficient management of the agency’s recordkeeping system, ensuring that sound recordkeeping principles and records management best practice guidelines are followed and adhered to.

This involves initiating and maintaining control over daily records management activities and services in accordance with the document and records management procedures, including providing support to staff in the use of the agency’s recordkeeping system.

The Senior Advisor, Records Management (or relevant title) is also responsible for:

• Arranging training sessions for staff in the use of the agency’s recordkeeping system

• Ensuring records are captured uniformly across the agency and stored in approved corporatesystems

• Maintaining the integrity and authenticity of records


14

• Managing the storage of hardcopy records located onsite and offsite

• Managing the disposal of records under approved disposal schedules and maintaining the register ofdestroyed records

• Making and documenting configuration changes to the system as deemed necessary and via changecontrol processes

• Ongoing review and amendment of Retention and Disposal Schedules

• Ensuring the system is accessible and performing appropriately on a day to day basis

• Responding to user requests for assistance with the agency’s recordkeeping system or otherrecords management issues

Human Resources (or relevant title)

Human Resources of the agency are responsible for:

• Administration and management of employee folders

• Administration and management of records within (name of HR software program)

• Requesting the creation of personnel files

Information Technology Unit (or relevant title)

Information Technology staff are responsible for:

• Ensuring new users are added to the agency’s recordkeeping system as part of the new userinduction program

• Providing technical support for the ongoing operation and maintenance of agency systems

• Providing technical support to all staff on the use of agency systems/applications

• Publishing and updating information onto the intranet and internet in consultation with the contentowners

• Undertaking system backups

• Developing, maintaining and testing the agency’s disaster recovery plan

Managers

Managers are responsible for:

• Ensuring their staff have an appropriate awareness of information management systems andrequirements

• Ensuring that staff attend training in information management systems or procedures relevant totheir work area where necessary


15

Departmental Employees

Staff members should take care to handle records sensibly, with care and respect to avoid damage to them and to prolong their lifespan. Staff must not damage, alter or destroy information and records of the agency, without authorisation.

Staff members are responsible for using, maintaining and managing records in accordance with this Policy and the document and records management procedures.

This includes complying with these policies at all times by:

• Creating records that document their activities and decisions and saving them into the agency’srecordkeeping system or other appropriate systems

• Undertaking electronic document management activities within the agency’s recordkeeping systemto ensure revision and version controls are captured

• Ensuring e-mail records are saved in the agency’s recordkeeping system

• Ensuring paper records are scanned to electronic format and saved in the agency’s recordkeepingsystem (if relevant)

• Recording folder movement for hard copy records in the agency’s recordkeeping system

• Storing hard copy folders securely

• Ensuring hard copy records are not hoarded in work areas and are captured in a corporate systemin a timely fashion

• Learning how and where records are kept within the agency

• Not destroying records without authorisation and adhering to the agency’s disposal requirements

• Not losing records

• Being aware of and following records management procedures as outlined in the document andrecords management procedures.